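#!/bin/bash
#
# Create the application realm roles in a Keycloak instance and assign all of
# them to one user (the test account identified by USER_ID).
#
# Environment (defaults reproduce the original hard-coded values):
#   KEYCLOAK_URL             base URL of the Keycloak server
#   KEYCLOAK_ADMIN_USER      master-realm admin user name
#   KEYCLOAK_ADMIN_PASSWORD  master-realm admin password
#
# Security notes:
#   - admin/admin is a development default only; export the KEYCLOAK_ADMIN_*
#     variables for anything that is not a throwaway local instance.
#   - The default URL is plain HTTP on loopback. Use an https:// URL when
#     KEYCLOAK_URL points at another host, otherwise the password and the
#     admin token cross the network in cleartext.
#   - The password and the bearer token are passed to curl on stdin so they do
#     not show up in the process list. Do not run this script with `bash -x`:
#     the trace would print both.
#   - The realm "admin" role is among the roles granted; check USER_ID before
#     running against a shared realm.
#
# Requires curl >= 7.55.0 (for `-H @-`). jq is used when installed.
set -euo pipefail

KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8180}"
readonly REALM="lions-user-manager"
readonly USER_ID="672833b5-0c4c-451e-8fe9-86cdae19fb5c"
ADMIN_USER="${KEYCLOAK_ADMIN_USER:-admin}"
ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD:-admin}"

# Roles to create; ROLE_DESCRIPTIONS[i] describes ROLE_NAMES[i].
# Both lists are script constants without quotes or backslashes, which is what
# makes it safe to splice them into JSON bodies and URL paths below.
readonly ROLE_NAMES=(admin user_manager user_viewer auditor sync_manager)
readonly ROLE_DESCRIPTIONS=(
  "System administrator with full access"
  "User manager"
  "User viewer"
  "Auditor"
  "Sync manager"
)

TOKEN=""

# Print an error on stderr and stop the script.
die() {
  printf 'Erreur: %s\n' "$*" >&2
  exit 1
}

#######################################
# Read one top-level string field from the JSON object on stdin.
# Arguments: $1 - field name
# Outputs:   the field value, or nothing when it is absent or unparsable
#######################################
json_field() {
  local key=$1
  if command -v jq >/dev/null 2>&1; then
    jq -r --arg k "$key" '.[$k] // empty' 2>/dev/null || true
  else
    # Fallback without jq: only handles a flat string value with no escaped
    # quotes, which is the shape of the token and role ids read here.
    grep -o "\"${key}\":\"[^\"]*" | head -n 1 | cut -d'"' -f4 || true
  fi
}

#######################################
# Request an admin access token with the password grant on the master realm.
# Globals:   KEYCLOAK_URL, ADMIN_USER, ADMIN_PASSWORD (read)
# Outputs:   the access token on stdout (empty if the response has none)
# Returns:   non-zero when the HTTP request fails or is rejected
#######################################
get_admin_token() {
  local response
  # The password reaches curl on stdin ("password@-") and is URL-encoded by
  # curl, so it is neither visible in argv nor broken by special characters.
  response=$(printf '%s' "$ADMIN_PASSWORD" \
    | curl -sS --fail -X POST \
      "${KEYCLOAK_URL}/realms/master/protocol/openid-connect/token" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      --data-urlencode "username=${ADMIN_USER}" \
      --data-urlencode "password@-" \
      -d "grant_type=password" \
      -d "client_id=admin-cli") || return 1
  printf '%s' "$response" | json_field access_token
}

#######################################
# Call the realm admin API and print only the HTTP status code.
# Globals:   KEYCLOAK_URL, REALM, TOKEN (read)
# Arguments: $1 - HTTP method, $2 - path below /admin/realms/REALM,
#            remaining arguments are passed to curl unchanged
# Returns:   curl's exit status (non-zero on transport errors)
#######################################
admin_api_status() {
  local method=$1 path=$2
  shift 2
  # The Authorization header is read from stdin to keep the token out of argv.
  printf 'Authorization: Bearer %s\n' "$TOKEN" \
    | curl -sS -o /dev/null -w '%{http_code}' -X "$method" \
      "${KEYCLOAK_URL}/admin/realms/${REALM}${path}" \
      -H @- "$@"
}

#######################################
# GET a resource from the realm admin API and print its body.
# Arguments: $1 - path below /admin/realms/REALM
# Returns:   non-zero on transport errors and on HTTP status >= 400
#######################################
admin_api_get() {
  local path=$1
  printf 'Authorization: Bearer %s\n' "$TOKEN" \
    | curl -sS --fail -X GET \
      "${KEYCLOAK_URL}/admin/realms/${REALM}${path}" \
      -H @-
}

#######################################
# Create one realm role; an already existing role is not an error.
# Arguments: $1 - role name, $2 - role description
#######################################
create_role() {
  local name=$1 description=$2 status
  printf ' - Creation role: %s\n' "$name"
  status=$(admin_api_status POST "/roles" \
    -H "Content-Type: application/json" \
    -d "{\"name\":\"${name}\",\"description\":\"${description}\"}") \
    || die "requete de creation du role ${name} impossible"
  case "$status" in
    201) ;;
    # Keycloak answers 409 when the role already exists: safe to re-run.
    409) printf '   (role %s deja existant)\n' "$name" ;;
    # 401/403/404 and friends used to pass silently with `curl -s`.
    *) die "creation du role ${name} refusee (HTTP ${status})" ;;
  esac
}

#######################################
# Look up the id of a realm role by name.
# Arguments: $1 - role name
# Outputs:   the role id on stdout
#######################################
role_id() {
  local name=$1 id
  id=$(admin_api_get "/roles/${name}" | json_field id) || id=""
  # The id is later spliced into a JSON body, so refuse anything that is
  # empty or contains characters outside the id alphabet.
  [[ "$id" =~ ^[A-Za-z0-9-]+$ ]] \
    || die "ID introuvable ou invalide pour le role ${name}"
  printf '%s' "$id"
}

main() {
  local i name id status mappings=""
  local -a role_ids=()

  echo "=========================================="
  echo "Creation des roles et assignation"
  echo "=========================================="

  # 1. Get the admin token
  echo "1. Recuperation du token admin..."
  TOKEN=$(get_admin_token) || TOKEN=""
  [[ -n "$TOKEN" ]] || die "Impossible d'obtenir le token admin"
  echo "Token obtenu"

  # 2. Create the roles
  echo ""
  echo "2. Creation des roles..."
  for i in "${!ROLE_NAMES[@]}"; do
    create_role "${ROLE_NAMES[$i]}" "${ROLE_DESCRIPTIONS[$i]}"
  done
  echo "Roles crees"

  # 3. Fetch the role ids
  echo ""
  echo "3. Recuperation des IDs des roles..."
  for name in "${ROLE_NAMES[@]}"; do
    id=$(role_id "$name") || exit 1
    role_ids+=("$id")
  done
  echo "IDs recuperes:"
  for i in "${!ROLE_NAMES[@]}"; do
    printf ' %s: %s\n' "${ROLE_NAMES[$i]}" "${role_ids[$i]}"
  done

  # 4. Assign the roles to the test user
  echo ""
  echo "4. Assignation des roles a testuser..."
  for i in "${!ROLE_NAMES[@]}"; do
    mappings+="${mappings:+,}{\"id\":\"${role_ids[$i]}\",\"name\":\"${ROLE_NAMES[$i]}\"}"
  done
  status=$(admin_api_status POST "/users/${USER_ID}/role-mappings/realm" \
    -H "Content-Type: application/json" \
    -d "[${mappings}]") \
    || die "requete d'assignation des roles impossible"
  # Only report success when the server actually accepted the mapping.
  [[ "$status" == 2?? ]] \
    || die "assignation des roles refusee (HTTP ${status})"

  echo ""
  echo "=========================================="
  echo "Configuration terminee!"
  echo "=========================================="
  echo ""
  echo "Roles assignes a testuser:"
  for name in "${ROLE_NAMES[@]}"; do
    printf ' - %s\n' "$name"
  done
  echo ""
}

main "$@"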